Re: Concurrent-context attack vector vulnerability... - Page 2

guan8 · ‎04-18-2019

Hello!

We are running a cluster of ProLiant DL380 Gen10 servers running VMware ESXi, 6.7.0, 10302608.

On each host, we are seeing a warning when browsing to Monitor => Health. The warning is "Concurrent-context attack vector vulnerability in Intel processors". After reading more about it here https://kb.vmware.com/s/article/55806 , there is a paragraph that says:

Note: It may be necessary to acquire additional hardware, or rebalance existing workloads, before enablement of the ESXi Side-Channel-Aware Scheduler. Organizations can choose not to enable the ESXi Side-Channel-Aware Scheduler after performing a risk assessment and accepting the risk posed by the Concurrent-context attack vector. This is NOT RECOMMENDED and VMware cannot make this decision on behalf of an organization.

We have discussed this in our organization, and we wish to accept the risk and not enable this feature. How do we disable the warning from the vCenter web UI? Since we do not consider this warning relevant for us, we would like to reset this warning to green. Right now it is potentially obscuring other, more relevant warnings.

Thank you in advance.

/Gustav

HFMudd · ‎10-03-2019

I did upgrade 1 environment where we can incorporate SCAv2, not ready to upgrade other environments yet but that is our plan.

xaviers_dx · ‎06-10-2020

These changes remove the warning, but how much does it affect the performance of the host?

msantos91 · ‎11-18-2020

Hi, i have a 5 hosts cluster, in wich im recieving the concurrent-context alarm in security health checks. i tried this in one host and in the results now i see, that one host in state OK while the other 4 remain in warning. so this actually solves the issue or just hide the alarm for this host. by doing this the host is still vulnerable or is it safe???

All

Concurrent-context attack vector vulnerability in Intel processors